
Logs - Unable to install the Framework


  • Closed: this topic is closed
10 replies in this topic

#1 timmy

timmy

    Advanced user

  • 624 posts

Posted 21 07 2008 - 16:38

Hello. I have a problem: I can't install .NET Framework 3.5 and I really need it. I scanned the computer with an antivirus (Eset Smart Security).

When I install .NET Framework, I get a setup.exe error.

I downloaded it from idg.pl and from microsoft.com,

and still nothing. Here are the logs:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:03, on 2008-07-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ULiRaid\ULiRaid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\TE_xp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\cFosSpeed\spd.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 195.27.0.108 osro.p512.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TE_xp] C:\WINDOWS\system32\TE_xp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7459 bytes






ComboFix 08-07-20.9 - larrie 2008-07-21 16:33:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.523 [GMT 2:00]
Running from: C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\avi.dll
C:\WINDOWS\system32\ff_liba52.dll
C:\WINDOWS\system32\ff_libdts.dll
C:\WINDOWS\system32\ff_libfaad2.dll
C:\WINDOWS\system32\ff_libmad.dll
C:\WINDOWS\system32\ff_realaac.dll
C:\WINDOWS\system32\ff_samplerate.dll
C:\WINDOWS\system32\ff_tremor.dll
C:\WINDOWS\system32\ff_unrar.dll
C:\WINDOWS\system32\ff_wmv9.dll
C:\WINDOWS\system32\libavcodec.dll
C:\WINDOWS\system32\libmpeg2_ff.dll
C:\WINDOWS\system32\libmplayer.dll
C:\WINDOWS\system32\mkunicode.dll
C:\WINDOWS\system32\mkx.dll
C:\WINDOWS\system32\mkzlib.dll
C:\WINDOWS\system32\mmfinfo.dll
C:\WINDOWS\system32\mp4.dll
C:\WINDOWS\system32\ogm.dll
C:\WINDOWS\system32\ts.dll
C:\WINDOWS\system32\xvidvfw.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-21 16:32 . 2008-07-21 16:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 14:37 . 2008-07-21 14:41 <DIR> d-------- C:\Program Files\WinImage
2008-07-21 14:32 . 2008-07-21 14:32 <DIR> d-------- C:\WINDOWS\system32\SRP
2008-07-20 13:18 . 2008-07-20 13:18 <DIR> d-------- C:\Program Files\7-Zip
2008-07-19 03:50 . 2008-07-19 03:50 <DIR> d-------- C:\Program Files\Mplayer
2008-07-19 03:48 . 2008-07-19 03:50 871 --a------ C:\WINDOWS\QIII.INI
2008-07-19 02:01 . 2003-09-23 07:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-07-18 18:50 . 2008-07-18 18:51 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-07-18 18:46 . 2008-07-18 18:51 <DIR> d-------- C:\Program Files\Avanquest update
2008-07-18 18:46 . 2008-07-18 18:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\BVRP Software
2008-07-18 18:46 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-18 18:46 . 2008-04-14 00:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-18 18:45 . 2008-07-18 18:50 24,192 --a------ C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermptxp.sys
2008-07-18 18:45 . 2008-07-18 18:50 22,768 --a------ C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermpt.sys
2008-07-18 18:25 . 2008-07-20 15:17 <DIR> d-------- C:\Program Files\BY TÜRK MOBILE WORLD-moto
2008-07-16 13:41 . 2008-07-16 13:41 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\LEAPS
2008-07-16 13:39 . 2008-07-16 13:39 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Pegasys Inc
2008-07-16 13:35 . 2008-07-16 13:35 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-07-16 13:35 . 2008-07-16 13:34 122,512 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2008-07-16 13:35 . 2008-07-16 13:34 56,976 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2008-07-16 13:35 . 2008-07-16 13:34 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-07-16 12:27 . 2008-07-16 12:28 <DIR> d-------- C:\Program Files\QuickTime
2008-07-16 12:27 . 2008-07-16 12:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-16 12:27 . 2008-07-16 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2008-07-16 12:27 . 2008-07-16 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple
2008-07-16 08:54 . 2008-07-16 08:54 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Publish Providers
2008-07-16 08:53 . 2008-07-16 09:11 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Sony
2008-07-15 03:58 . 2008-07-15 03:58 <DIR> d-------- C:\Program Files\Java
2008-07-15 03:58 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-15 03:57 . 2008-07-15 03:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-14 17:51 . 2008-07-14 17:51 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\AdobeUM
2008-07-14 17:49 . 2008-07-14 17:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-14 15:40 . 2008-07-14 15:40 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2008-07-13 22:01 . 2004-08-18 03:34 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-07-11 19:36 . 2008-07-11 19:36 280 --a------ C:\WINDOWS\xxxx.bat
2008-07-11 19:11 . 2008-07-11 20:18 <DIR> d-------- C:\Program Files\Sync Manager
2008-07-11 19:08 . 2008-07-11 20:17 <DIR> d-------- C:\Program Files\PDM
2008-07-11 04:20 . 2008-07-11 04:20 <DIR> d-------- C:\Program Files\Winamp
2008-07-11 04:20 . 2008-07-11 04:21 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Winamp
2008-07-07 21:33 . 2008-07-16 08:56 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-07-07 19:16 . 2001-08-17 21:53 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2008-07-07 19:16 . 2001-08-17 21:53 4,992 --a--c--- C:\WINDOWS\system32\dllcache\loop.sys
2008-07-07 18:23 . 2008-07-07 18:23 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-07 08:58 . 2008-07-07 08:58 507 --a------ C:\WINDOWS\eReg.dat
2008-07-06 07:10 . 2008-07-16 14:28 <DIR> d-------- C:\Downloads
2008-07-06 07:08 . 2008-07-06 15:51 <DIR> d-------- C:\Program Files\FlashGet
2008-07-06 00:42 . 2008-07-07 00:21 <DIR> d-------- C:\Program Files\wlsc uploader
2008-07-05 23:23 . 2008-07-05 23:24 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-05 04:19 . 2008-06-03 13:31 8,704 --a------ C:\Documents and Settings\larrie.FRITZZ-372D3EA5\fixccs.exe
2008-07-05 04:01 . 2008-07-05 04:01 1,320 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-07-04 07:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-04 07:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-03 23:22 . 2008-07-03 23:22 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-03 23:22 . 2008-07-03 23:22 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2008-07-03 13:07 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-02 13:26 . 2008-03-20 18:46 334,792 --a------ C:\WINDOWS\system32\_AxShlEx.dll
2008-07-02 13:25 . 2008-07-02 13:30 <DIR> d-------- C:\Program Files\free-downloads.net
2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Program Files\Conduit
2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-02 07:50 . 2008-07-21 09:44 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-02 01:56 . 2008-07-02 01:57 <DIR> d-------- C:\Program Files\X-Setup Pro
2008-07-02 01:56 . 2008-07-02 01:56 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\X-Setup Pro
2008-07-02 01:56 . 2008-07-02 01:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\X-Setup Pro
2008-07-01 19:29 . 2008-07-01 19:29 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-01 15:39 . 2008-07-01 15:39 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\DAEMON Tools
2008-07-01 14:22 . 2008-07-01 14:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-01 03:20 . 2008-06-25 10:33 732,376 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2008-07-01 03:18 . 2008-07-21 16:35 <DIR> d-------- C:\Program Files\cFosSpeed
2008-07-01 03:18 . 2008-06-25 10:33 290,008 --a------ C:\WINDOWS\system32\cfosspeed.dll
2008-07-01 00:27 . 2008-07-01 00:27 <DIR> d-------- C:\Program Files\Nero
2008-07-01 00:27 . 2008-07-01 00:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Nero
2008-06-30 22:52 . 2008-06-30 22:52 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-06-30 21:38 . 2008-06-30 21:38 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Nero
2008-06-30 15:28 . 2008-06-30 15:28 <DIR> d-------- C:\Program Files\Maxis
2008-06-30 15:28 . 2008-06-30 15:28 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\WINDOWS
2008-06-30 15:28 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-06-30 12:30 . 2008-07-11 19:52 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Nowe Gadu-Gadu
2008-06-30 12:29 . 2008-06-30 12:30 <DIR> d-------- C:\Program Files\Nowe Gadu-Gadu
2008-06-30 07:50 . 2008-06-30 11:21 <DIR> d-------- C:\RmConverterOutput
2008-06-30 07:47 . 2008-05-13 22:44 <DIR> d-------- C:\Strażnik - The Sentinel (2006)
2008-06-29 21:21 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-29 20:07 . 2008-05-30 03:08 733,698,048 --------- C:\Borderland.avi
2008-06-29 20:07 . 2008-05-22 13:37 172 --a------ C:\-=upload24h=-.url
2008-06-29 19:22 . 2008-06-30 08:42 <DIR> d-------- C:\Program Files\English Translator 3
2008-06-29 14:40 . 2008-06-29 14:42 <DIR> d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro
2008-06-29 09:22 . 2008-06-29 09:49 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Ahead
2008-06-29 08:57 . 2008-06-29 08:59 <DIR> d-------- C:\Program Files\Ultra RM Converter
2008-06-29 07:30 . 2008-06-29 07:30 <DIR> d-------- C:\CCEFront
2008-06-29 03:39 . 2008-06-29 03:39 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Media Player Classic
2008-06-29 03:11 . 2008-06-29 03:11 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-28 18:34 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-28 18:33 . 2008-07-01 00:23 <DIR> d-------- C:\Program Files\Ahead
2008-06-28 18:33 . 2008-06-28 18:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ahead
2008-06-28 15:54 . 2008-04-23 09:20 6,066,176 --------- C:\WINDOWS\system32\SET364.tmp
2008-06-28 15:54 . 2008-04-23 09:20 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-28 15:54 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-28 15:54 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-28 15:54 . 2008-04-23 09:20 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-28 15:54 . 2008-04-23 09:20 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-28 15:54 . 2008-04-23 09:20 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-28 15:54 . 2008-04-23 09:20 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-28 15:54 . 2008-04-23 09:20 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-28 15:54 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-27 18:17 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-27 18:17 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-27 18:12 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-27 18:08 . 2008-06-25 14:55 387,601 --a------ C:\WINDOWS\system32\TE_xp.exe
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\DivX
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Office Genuine Advantage
2008-06-27 18:05 . 2008-06-27 18:07 <DIR> d-------- C:\Program Files\HyCam2
2008-06-27 17:44 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-06-27 17:44 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-06-27 17:44 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-06-27 17:38 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\mmamr.ax
2008-06-27 17:38 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-06-27 17:38 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\CoreAAC.ax
2008-06-27 17:37 . 2008-06-27 17:37 468 --a------ C:\WINDOWS\system32\splitter.ax
2008-06-27 17:37 . 2008-06-27 17:37 468 --a------ C:\WINDOWS\system32\FLVSplitter.ax
2008-06-27 17:37 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\ffdshow.ax.manifest
2008-06-27 17:37 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\CoreVorbis.ax
2008-06-27 17:37 . 2008-06-27 17:37 468 --a------ C:\WINDOWS\system32\CoreAVCDecoder.ax
2008-06-27 13:46 . 2008-06-27 13:49 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Auslogics
2008-06-27 13:24 . 2008-06-27 13:25 <DIR> d-------- C:\WINDOWS\nview
2008-06-27 13:24 . 2005-02-24 17:32 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-27 13:24 . 2005-02-24 17:32 14,435 --a------ C:\WINDOWS\system32\nvdisp.nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 11:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-03 10:43 350,464 ----a-w C:\WINDOWS\inf\isprnt.exe
2008-06-30 20:51 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-06-30 20:51 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-06-30 10:29 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-26 17:29 --------- d-----w C:\Program Files\mIRC
2008-06-26 16:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-26 16:39 --------- d-----w C:\Program Files\NT Registry Optimizer
2008-06-26 10:37 --------- d-----w C:\Documents and Settings\larrie\Dane aplikacji\mIRC
2008-06-25 13:10 --------- d-----w C:\Program Files\auslogic
2008-06-24 12:17 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-24 11:55 --------- d-----w C:\Program Files\MarBit
2008-06-24 11:55 --------- d-----w C:\Documents and Settings\larrie\Dane aplikacji\Gadu-Gadu
2008-06-24 11:55 --------- d-----w C:\Documents and Settings\larrie\Dane aplikacji\ESET
2008-06-24 11:54 --------- d-----w C:\Program Files\ESET
2008-06-24 11:52 --------- d-----w C:\Program Files\Uniblue
2008-06-24 11:52 --------- d-----w C:\Program Files\MyPortal
2008-06-24 11:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-24 11:44 --------- d-----w C:\Program Files\Usługi online
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-05-09 10:56 90,112 -c--a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 430,080 -c--a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 180,224 -c--a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 172,032 -c--a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 -c--a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 -c--a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,291,776 -c--a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 10:12 1885464]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:51 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-07-21 16:19 6144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"ULiRaid"="C:\Program Files\ULiRaid\ULiRaid.exe" [2006-05-12 13:57 630784]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 20:25 2707456]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 17:32 5537792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 17:32 86016]
"TE_xp"="C:\WINDOWS\system32\TE_xp.exe" [2008-06-25 14:55 387601]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-06-25 10:32 867544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-02-24 17:32 1495040 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [2006-05-11 16:05:33 2195583]
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2008-06-24 14:00:01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-10-25 11:35]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2006-05-11 16:05]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2006-05-11 16:06]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2005-07-04 14:21]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
S3 NTProcDrv;Process creation detector for NT.;E:\isrobot\NtProcDrv.sys []
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 10:27:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
O17 -: HKLM\CCS\Interface\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 16:35:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-21 16:36:02
ComboFix-quarantined-files.txt 2008-07-21 14:35:59

Pre-Run: 7,260,565,504 bajtów wolnych
Post-Run: 7,351,668,736 bajtów wolnych

305 --- E O F --- 2008-07-08 18:46:49

  • 0

#2 karolkuich

karolkuich

    Beginner

  • 141 posts

Posted 22 07 2008 - 00:54

To start, uninstall C:\Program Files\free-downloads.net

The following is a mistake by Combo:

C:\WINDOWS\system32\avi.dll
C:\WINDOWS\system32\ff_liba52.dll
C:\WINDOWS\system32\ff_libdts.dll
C:\WINDOWS\system32\ff_libfaad2.dll
C:\WINDOWS\system32\ff_libmad.dll
C:\WINDOWS\system32\ff_realaac.dll
C:\WINDOWS\system32\ff_samplerate.dll
C:\WINDOWS\system32\ff_tremor.dll
C:\WINDOWS\system32\ff_unrar.dll
C:\WINDOWS\system32\ff_wmv9.dll
C:\WINDOWS\system32\libavcodec.dll
C:\WINDOWS\system32\libmpeg2_ff.dll
C:\WINDOWS\system32\libmplayer.dll
C:\WINDOWS\system32\mkunicode.dll
C:\WINDOWS\system32\mkx.dll
C:\WINDOWS\system32\mkzlib.dll
C:\WINDOWS\system32\mmfinfo.dll
C:\WINDOWS\system32\mp4.dll
C:\WINDOWS\system32\ogm.dll
C:\WINDOWS\system32\ts.dll
C:\WINDOWS\system32\xvidvfw.dll

Go to the folder C:\Qoobox\Quarantine, find these files, remove the .vir extension from their names, and put them in the folder C:\WINDOWS\System32

Then paste the following into Notepad (if you are sure that you know the files below, don't delete them and say so; I'm not a gamer and I don't know what is used in some cases):

File::
C:\WINDOWS\system32\TE_xp.exe
C:\-=upload24h=-.url

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TE_xp"=-

In HijackThis:

Check:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Paste the Combo log.

  • 0

#3 timmy

timmy

    Advanced user

  • 624 posts

Posted 22 07 2008 - 12:21

Damn, I literally just now caught some virus: every so often a window pops up saying the computer is infected and to press OK to download a program to remove the file.

Task Manager has been disabled by the virus, and the Control Panel too, everything is invisible. How do I enable Task Manager, because this virus removed it? Now, after making the log with ComboFix, the Control Panel has apparently shown up, but Task Manager still doesn't work; it says it was disabled by the administrator.

ComboFix 08-07-20.9 - larrie 2008-07-22 13:30:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.434 [GMT 2:00]
Running from: C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\Error Cleaner.url
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\Privacy Protector.url
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Ulubione\Error Cleaner.url
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Ulubione\Privacy Protector.url
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Ulubione\Spyware&Malware Protection.url
C:\WINDOWS\erms.exe
C:\WINDOWS\etlx.exe
C:\WINDOWS\evgratsm.dll
C:\WINDOWS\kgxmotapktx.dll
C:\WINDOWS\kvxqmtre.dll
C:\WINDOWS\qndsfmao.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 13:04 . 2008-07-17 12:14 155,648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-22 13:03 . 2008-07-22 11:37 356,352 --a------ C:\WINDOWS\nfavxwdbxka.dll
2008-07-22 13:03 . 2008-07-22 11:37 290,816 --a------ C:\WINDOWS\wnslvxtf.dll
2008-07-22 13:03 . 2008-07-22 11:37 258,048 --a------ C:\WINDOWS\eqvwamkl.dll
2008-07-22 13:03 . 2008-07-22 11:38 204,800 --a------ C:\WINDOWS\fdkowvbp.dll
2008-07-22 13:03 . 2008-07-22 11:38 94,208 --a------ C:\WINDOWS\grswptdl.exe
2008-07-22 04:00 . 2008-07-22 04:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Trophy Bass 2007
2008-07-22 01:46 . 2008-07-22 01:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-21 16:32 . 2008-07-21 16:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 14:37 . 2008-07-21 14:41 <DIR> d-------- C:\Program Files\WinImage
2008-07-21 14:32 . 2008-07-21 14:32 <DIR> d-------- C:\WINDOWS\system32\SRP
2008-07-20 13:18 . 2008-07-20 13:18 <DIR> d-------- C:\Program Files\7-Zip
2008-07-19 03:50 . 2008-07-19 03:50 <DIR> d-------- C:\Program Files\Mplayer
2008-07-19 03:48 . 2008-07-21 21:22 952 --a------ C:\WINDOWS\QIII.INI
2008-07-19 02:01 . 2003-09-23 07:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-07-18 18:50 . 2008-07-18 18:51 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-07-18 18:46 . 2008-07-18 18:51 <DIR> d-------- C:\Program Files\Avanquest update
2008-07-18 18:46 . 2008-07-18 18:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\BVRP Software
2008-07-18 18:46 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-18 18:46 . 2008-04-14 00:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-18 18:45 . 2008-07-18 18:50 24,192 --a------ C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermptxp.sys
2008-07-18 18:45 . 2008-07-18 18:50 22,768 --a------ C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermpt.sys
2008-07-18 18:25 . 2008-07-20 15:17 <DIR> d-------- C:\Program Files\BY TÜRK MOBILE WORLD-moto
2008-07-16 13:41 . 2008-07-16 13:41 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\LEAPS
2008-07-16 13:39 . 2008-07-16 13:39 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Pegasys Inc
2008-07-16 13:35 . 2008-07-16 13:35 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-07-16 13:35 . 2008-07-16 13:34 122,512 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2008-07-16 13:35 . 2008-07-16 13:34 56,976 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2008-07-16 13:35 . 2008-07-16 13:34 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-07-16 12:27 . 2008-07-16 12:28 <DIR> d-------- C:\Program Files\QuickTime
2008-07-16 12:27 . 2008-07-16 12:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-16 12:27 . 2008-07-16 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2008-07-16 12:27 . 2008-07-16 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple
2008-07-16 08:54 . 2008-07-16 08:54 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Publish Providers
2008-07-16 08:53 . 2008-07-16 09:11 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Sony
2008-07-15 03:58 . 2008-07-15 03:58 <DIR> d-------- C:\Program Files\Java
2008-07-15 03:58 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-15 03:57 . 2008-07-15 03:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-14 17:51 . 2008-07-14 17:51 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\AdobeUM
2008-07-14 17:49 . 2008-07-14 17:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-14 15:40 . 2008-07-14 15:40 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2008-07-13 22:01 . 2004-08-18 03:34 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-07-11 19:36 . 2008-07-11 19:36 280 --a------ C:\WINDOWS\xxxx.bat
2008-07-11 19:11 . 2008-07-11 20:18 <DIR> d-------- C:\Program Files\Sync Manager
2008-07-11 19:08 . 2008-07-11 20:17 <DIR> d-------- C:\Program Files\PDM
2008-07-11 04:20 . 2008-07-11 04:20 <DIR> d-------- C:\Program Files\Winamp
2008-07-11 04:20 . 2008-07-11 04:21 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Winamp
2008-07-07 21:33 . 2008-07-16 08:56 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-07-07 19:16 . 2001-08-17 21:53 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2008-07-07 19:16 . 2001-08-17 21:53 4,992 --a--c--- C:\WINDOWS\system32\dllcache\loop.sys
2008-07-07 18:23 . 2008-07-07 18:23 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-07 08:58 . 2008-07-07 08:58 507 --a------ C:\WINDOWS\eReg.dat
2008-07-06 07:10 . 2008-07-22 05:39 <DIR> d-------- C:\Downloads
2008-07-06 07:08 . 2008-07-06 15:51 <DIR> d-------- C:\Program Files\FlashGet
2008-07-06 00:42 . 2008-07-07 00:21 <DIR> d-------- C:\Program Files\wlsc uploader
2008-07-05 23:23 . 2008-07-05 23:24 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-05 04:19 . 2008-06-03 13:31 8,704 --a------ C:\Documents and Settings\larrie.FRITZZ-372D3EA5\fixccs.exe
2008-07-05 04:01 . 2008-07-05 04:01 1,320 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-07-04 07:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-04 07:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-03 23:22 . 2008-07-03 23:22 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-03 23:22 . 2008-07-03 23:22 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2008-07-03 13:07 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-02 13:26 . 2008-03-20 18:46 334,792 --a------ C:\WINDOWS\system32\_AxShlEx.dll
2008-07-02 13:25 . 2008-07-02 13:30 <DIR> d-------- C:\Program Files\free-downloads.net
2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Program Files\Conduit
2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-02 07:50 . 2008-07-21 17:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-02 01:56 . 2008-07-02 01:57 <DIR> d-------- C:\Program Files\X-Setup Pro
2008-07-02 01:56 . 2008-07-02 01:56 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\X-Setup Pro
2008-07-02 01:56 . 2008-07-02 01:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\X-Setup Pro
2008-07-01 19:29 . 2008-07-01 19:29 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-01 15:39 . 2008-07-01 15:39 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\DAEMON Tools
2008-07-01 14:22 . 2008-07-01 14:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-01 03:20 . 2008-06-25 10:33 732,376 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2008-07-01 03:18 . 2008-07-22 13:32 <DIR> d-------- C:\Program Files\cFosSpeed
2008-07-01 03:18 . 2008-06-25 10:33 290,008 --a------ C:\WINDOWS\system32\cfosspeed.dll
2008-07-01 00:27 . 2008-07-01 00:27 <DIR> d-------- C:\Program Files\Nero
2008-07-01 00:27 . 2008-07-01 00:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Nero
2008-06-30 22:52 . 2008-06-30 22:52 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-06-30 21:38 . 2008-06-30 21:38 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Nero
2008-06-30 15:28 . 2008-06-30 15:28 <DIR> d-------- C:\Program Files\Maxis
2008-06-30 15:28 . 2008-06-30 15:28 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\WINDOWS
2008-06-30 15:28 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-06-30 12:30 . 2008-07-11 19:52 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Nowe Gadu-Gadu
2008-06-30 12:29 . 2008-06-30 12:30 <DIR> d-------- C:\Program Files\Nowe Gadu-Gadu
2008-06-30 07:50 . 2008-06-30 11:21 <DIR> d-------- C:\RmConverterOutput
2008-06-30 07:47 . 2008-05-13 22:44 <DIR> d-------- C:\Strażnik - The Sentinel (2006)
2008-06-29 21:21 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-29 20:07 . 2008-05-30 03:08 733,698,048 --------- C:\Borderland.avi
2008-06-29 19:22 . 2008-06-30 08:42 <DIR> d-------- C:\Program Files\English Translator 3
2008-06-29 14:40 . 2008-06-29 14:42 <DIR> d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro
2008-06-29 09:22 . 2008-06-29 09:49 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Ahead
2008-06-29 08:57 . 2008-06-29 08:59 <DIR> d-------- C:\Program Files\Ultra RM Converter
2008-06-29 03:39 . 2008-06-29 03:39 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Media Player Classic
2008-06-29 03:11 . 2008-06-29 03:11 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-28 18:34 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-28 18:33 . 2008-07-01 00:23 <DIR> d-------- C:\Program Files\Ahead
2008-06-28 18:33 . 2008-06-28 18:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ahead
2008-06-28 15:54 . 2008-04-23 09:20 6,066,176 --------- C:\WINDOWS\system32\SET364.tmp
2008-06-28 15:54 . 2008-04-23 09:20 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-28 15:54 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-28 15:54 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-28 15:54 . 2008-04-23 09:20 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-28 15:54 . 2008-04-23 09:20 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-28 15:54 . 2008-04-23 09:20 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-28 15:54 . 2008-04-23 09:20 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-28 15:54 . 2008-04-23 09:20 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-28 15:54 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-27 18:17 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-27 18:17 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-27 18:12 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-27 18:08 . 2008-06-25 14:55 387,601 --a------ C:\WINDOWS\system32\TE_xp.exe
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Office Genuine Advantage
2008-06-27 18:05 . 2008-06-27 18:07 <DIR> d-------- C:\Program Files\HyCam2
2008-06-27 17:44 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-06-27 17:44 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-06-27 17:44 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-06-27 17:38 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\mmamr.ax
2008-06-27 17:38 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-06-27 17:38 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\CoreAAC.ax
2008-06-27 17:37 . 2008-06-27 17:37 468 --a------ C:\WINDOWS\system32\splitter.ax
2008-06-27 17:37 . 2008-06-27 17:37 468 --a------ C:\WINDOWS\system32\FLVSplitter.ax
2008-06-27 17:37 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\ffdshow.ax.manifest
2008-06-27 17:37 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\CoreVorbis.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 11:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-03 10:43 350,464 ----a-w C:\WINDOWS\inf\isprnt.exe
2008-06-30 20:51 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-06-30 10:29 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-26 17:29 --------- d-----w C:\Program Files\mIRC
2008-06-26 16:39 --------- d-----w C:\Program Files\NT Registry Optimizer
2008-06-26 10:37 --------- d-----w C:\Documents and Settings\larrie\Dane aplikacji\mIRC
2008-06-25 13:10 --------- d-----w C:\Program Files\auslogic
2008-06-24 12:17 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-24 11:55 --------- d-----w C:\Program Files\MarBit
2008-06-24 11:55 --------- d-----w C:\Documents and Settings\larrie\Dane aplikacji\Gadu-Gadu
2008-06-24 11:55 --------- d-----w C:\Documents and Settings\larrie\Dane aplikacji\ESET
2008-06-24 11:54 --------- d-----w C:\Program Files\ESET
2008-06-24 11:52 --------- d-----w C:\Program Files\Uniblue
2008-06-24 11:52 --------- d-----w C:\Program Files\MyPortal
2008-06-24 11:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-24 11:44 --------- d-----w C:\Program Files\Usługi online
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-09 10:56 90,112 -c--a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 430,080 -c--a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 180,224 -c--a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 172,032 -c--a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 -c--a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 -c--a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,291,776 -c--a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602807BB-4586-4B35-BFD0-B2E221667595}]
2008-07-22 11:37 356352 --a------ C:\WINDOWS\nfavxwdbxka.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF4940D2-F131-4412-BB03-4E40FCE06EC7}"= "C:\WINDOWS\fdkowvbp.dll" [2008-07-22 11:38 204800]

[HKEY_CLASSES_ROOT\clsid\{ef4940d2-f131-4412-bb03-4e40fce06ec7}]
[HKEY_CLASSES_ROOT\fdkowvbp.1]
[HKEY_CLASSES_ROOT\TypeLib\{B2A65C78-2311-471A-9F2D-86FD55FC79DB}]
[HKEY_CLASSES_ROOT\fdkowvbp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 10:12 1885464]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-07-21 16:19 6144]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:51 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"ULiRaid"="C:\Program Files\ULiRaid\ULiRaid.exe" [2006-05-12 13:57 630784]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 20:25 2707456]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 17:32 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-06-25 10:32 867544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 17:32 5537792]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [2006-05-11 16:05:33 2195583]
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2008-06-24 14:00:01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"= {DD430AAA-72A7-4246-97EB-C5F0583B5EF1} - C:\WINDOWS\eqvwamkl.dll [2008-07-22 11:37 258048]
"wnslvxtf"= {56E3D5C6-3012-4E21-9938-CE90B049487F} - C:\WINDOWS\wnslvxtf.dll [2008-07-22 11:37 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-10-25 11:35]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2006-05-11 16:05]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2006-05-11 16:06]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2005-07-04 14:21]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
S3 NTProcDrv;Process creation detector for NT.;E:\isrobot\NtProcDrv.sys []
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 10:27:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
SSODL-kvxqmtre-{5AF33348-F5FC-4D05-AD5F-365941167B83} - C:\WINDOWS\kvxqmtre.dll
SSODL-evgratsm-{4FE7CFCC-60EB-46DB-A31F-23E558D98B4C} - C:\WINDOWS\evgratsm.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O17 -: HKLM\CCS\Interface\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 13:32:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-22 13:33:29
ComboFix-quarantined-files.txt 2008-07-22 11:33:24
ComboFix2.txt 2008-07-22 10:10:09

Pre-Run: 7,324,848,128 bajtów wolnych
Post-Run: 7,344,095,232 bajtów wolnych

303 --- E O F --- 2008-07-08 18:46:49





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38: VIRUS ALERT!, on 2008-07-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ULiRaid\ULiRaid.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\etmin.exe
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\RapGet\rapget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 195.27.0.108 osro.p512.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {602807BB-4586-4B35-BFD0-B2E221667595} - C:\WINDOWS\nfavxwdbxka.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: fdkowvbp - {EF4940D2-F131-4412-BB03-4E40FCE06EC7} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34
O21 - SSODL: eqvwamkl - {DD430AAA-72A7-4246-97EB-C5F0583B5EF1} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {56E3D5C6-3012-4E21-9938-CE90B049487F} - C:\WINDOWS\wnslvxtf.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7627 bytes
  • 0

#4 karolkuich

karolkuich

    Beginner

  • 141 posts

Posted 22 07 2008 - 15:21

Paste into Notepad:

File::
C:\WINDOWS\agpqlrfm.exe
C:\WINDOWS\nfavxwdbxka.dll
C:\WINDOWS\wnslvxtf.dll
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\grswptdl.exe

Folder::
C:\Program Files\free-downloads.net

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602807BB-4586-4B35-BFD0-B2E221667595}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF4940D2-F131-4412-BB03-4E40FCE06EC7}"=-
[-HKEY_CLASSES_ROOT\clsid\{ef4940d2-f131-4412-bb03-4e40fce06ec7}]
[-HKEY_CLASSES_ROOT\fdkowvbp.1]
[-HKEY_CLASSES_ROOT\TypeLib\{B2A65C78-2311-471A-9F2D-86FD55FC79DB}]
[HKEY_CLASSES_ROOT\fdkowvbp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"=-
"wnslvxtf"=-

Save the file as CFScript.txt, then drag and drop it onto the ComboFix icon.

In HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

Next, download: http://cybertrash.pl/images/tata/Smitfraud...itFraudFix.html

Paste the logs.

Fun fact:

The page being removed in HijackThis leads to the program Ultimate Cleaner.
Of course, it is a fake program: http://www.bezpieczenstwosystemow.pl/index.php?topic=193.0 ;]
  • 0

#5 timmy

timmy

    Advanced user

  • 624 posts

Posted 22 07 2008 - 16:14

So, here is the log from ComboFix:

ComboFix 08-07-20.9 - larrie 2008-07-22 16:05:49.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.408 [GMT 2:00]
Running from: C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\CFScript.txt.txt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::
C:\WINDOWS\agpqlrfm.exe
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\nfavxwdbxka.dll
C:\WINDOWS\wnslvxtf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Ulubione\Error Cleaner.url
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Ulubione\Privacy Protector.url
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Ulubione\Spyware&Malware Protection.url
C:\Program Files\free-downloads.net
C:\Program Files\free-downloads.net\INSTALL.LOG
C:\Program Files\free-downloads.net\tbfre1.dll
C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\toolbar.cfg
C:\Program Files\free-downloads.net\UNWISE.EXE
C:\WINDOWS\agpqlrfm.exe
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\nfavxwdbxka.dll
C:\WINDOWS\wnslvxtf.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 04:00 . 2008-07-22 04:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Trophy Bass 2007
2008-07-22 01:46 . 2008-07-22 01:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-21 16:32 . 2008-07-21 16:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 14:37 . 2008-07-21 14:41 <DIR> d-------- C:\Program Files\WinImage
2008-07-21 14:32 . 2008-07-21 14:32 <DIR> d-------- C:\WINDOWS\system32\SRP
2008-07-20 13:18 . 2008-07-20 13:18 <DIR> d-------- C:\Program Files\7-Zip
2008-07-19 03:50 . 2008-07-19 03:50 <DIR> d-------- C:\Program Files\Mplayer
2008-07-19 03:48 . 2008-07-21 21:22 952 --a------ C:\WINDOWS\QIII.INI
2008-07-19 02:01 . 2003-09-23 07:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-07-18 18:50 . 2008-07-18 18:51 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-07-18 18:46 . 2008-07-18 18:51 <DIR> d-------- C:\Program Files\Avanquest update
2008-07-18 18:46 . 2008-07-18 18:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\BVRP Software
2008-07-18 18:46 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-18 18:46 . 2008-04-14 00:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-18 18:45 . 2008-07-18 18:50 24,192 --a------ C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermptxp.sys
2008-07-18 18:45 . 2008-07-18 18:50 22,768 --a------ C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermpt.sys
2008-07-18 18:25 . 2008-07-20 15:17 <DIR> d-------- C:\Program Files\BY TÜRK MOBILE WORLD-moto
2008-07-16 13:41 . 2008-07-16 13:41 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\LEAPS
2008-07-16 13:39 . 2008-07-16 13:39 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Pegasys Inc
2008-07-16 13:35 . 2008-07-16 13:35 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-07-16 13:35 . 2008-07-16 13:34 122,512 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2008-07-16 13:35 . 2008-07-16 13:34 56,976 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2008-07-16 13:35 . 2008-07-16 13:34 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-07-16 12:27 . 2008-07-16 12:28 <DIR> d-------- C:\Program Files\QuickTime
2008-07-16 12:27 . 2008-07-16 12:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-16 12:27 . 2008-07-16 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2008-07-16 12:27 . 2008-07-16 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple
2008-07-16 08:54 . 2008-07-16 08:54 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Publish Providers
2008-07-16 08:53 . 2008-07-16 09:11 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Sony
2008-07-15 03:58 . 2008-07-15 03:58 <DIR> d-------- C:\Program Files\Java
2008-07-15 03:58 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-15 03:57 . 2008-07-15 03:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-14 17:51 . 2008-07-14 17:51 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\AdobeUM
2008-07-14 17:49 . 2008-07-14 17:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-14 15:40 . 2008-07-14 15:40 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2008-07-13 22:01 . 2004-08-18 03:34 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-07-11 19:36 . 2008-07-11 19:36 280 --a------ C:\WINDOWS\xxxx.bat
2008-07-11 19:11 . 2008-07-11 20:18 <DIR> d-------- C:\Program Files\Sync Manager
2008-07-11 19:08 . 2008-07-11 20:17 <DIR> d-------- C:\Program Files\PDM
2008-07-11 04:20 . 2008-07-11 04:20 <DIR> d-------- C:\Program Files\Winamp
2008-07-11 04:20 . 2008-07-11 04:21 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Winamp
2008-07-07 21:33 . 2008-07-16 08:56 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-07-07 19:16 . 2001-08-17 21:53 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2008-07-07 19:16 . 2001-08-17 21:53 4,992 --a--c--- C:\WINDOWS\system32\dllcache\loop.sys
2008-07-07 18:23 . 2008-07-07 18:23 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-07 08:58 . 2008-07-07 08:58 507 --a------ C:\WINDOWS\eReg.dat
2008-07-06 07:10 . 2008-07-22 05:39 <DIR> d-------- C:\Downloads
2008-07-06 07:08 . 2008-07-06 15:51 <DIR> d-------- C:\Program Files\FlashGet
2008-07-06 00:42 . 2008-07-07 00:21 <DIR> d-------- C:\Program Files\wlsc uploader
2008-07-05 23:23 . 2008-07-05 23:24 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-05 04:19 . 2008-06-03 13:31 8,704 --a------ C:\Documents and Settings\larrie.FRITZZ-372D3EA5\fixccs.exe
2008-07-05 04:01 . 2008-07-05 04:01 1,320 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-07-04 07:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-04 07:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-03 23:22 . 2008-07-03 23:22 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-03 23:22 . 2008-07-03 23:22 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2008-07-03 13:07 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-02 13:26 . 2008-03-20 18:46 334,792 --a------ C:\WINDOWS\system32\_AxShlEx.dll
2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Program Files\Conduit
2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-02 07:50 . 2008-07-21 17:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-02 01:56 . 2008-07-02 01:57 <DIR> d-------- C:\Program Files\X-Setup Pro
2008-07-02 01:56 . 2008-07-02 01:56 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\X-Setup Pro
2008-07-02 01:56 . 2008-07-02 01:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\X-Setup Pro
2008-07-01 19:29 . 2008-07-01 19:29 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-01 15:39 . 2008-07-01 15:39 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\DAEMON Tools
2008-07-01 14:22 . 2008-07-01 14:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-01 03:20 . 2008-06-25 10:33 732,376 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2008-07-01 03:18 . 2008-07-22 16:07 <DIR> d-------- C:\Program Files\cFosSpeed
2008-07-01 03:18 . 2008-06-25 10:33 290,008 --a------ C:\WINDOWS\system32\cfosspeed.dll
2008-07-01 00:27 . 2008-07-01 00:27 <DIR> d-------- C:\Program Files\Nero
2008-07-01 00:27 . 2008-07-01 00:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Nero
2008-06-30 22:52 . 2008-06-30 22:52 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-06-30 21:38 . 2008-06-30 21:38 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Nero
2008-06-30 15:28 . 2008-06-30 15:28 <DIR> d-------- C:\Program Files\Maxis
2008-06-30 15:28 . 2008-06-30 15:28 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\WINDOWS
2008-06-30 15:28 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-06-30 12:30 . 2008-07-11 19:52 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Nowe Gadu-Gadu
2008-06-30 12:29 . 2008-06-30 12:30 <DIR> d-------- C:\Program Files\Nowe Gadu-Gadu
2008-06-30 07:50 . 2008-06-30 11:21 <DIR> d-------- C:\RmConverterOutput
2008-06-30 07:47 . 2008-05-13 22:44 <DIR> d-------- C:\Strażnik - The Sentinel (2006)
2008-06-29 21:21 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-29 20:07 . 2008-05-30 03:08 733,698,048 --------- C:\Borderland.avi
2008-06-29 19:22 . 2008-06-30 08:42 <DIR> d-------- C:\Program Files\English Translator 3
2008-06-29 14:40 . 2008-06-29 14:42 <DIR> d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro
2008-06-29 09:22 . 2008-06-29 09:49 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Ahead
2008-06-29 08:57 . 2008-06-29 08:59 <DIR> d-------- C:\Program Files\Ultra RM Converter
2008-06-29 03:39 . 2008-06-29 03:39 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Media Player Classic
2008-06-29 03:11 . 2008-06-29 03:11 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-28 18:34 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-28 18:33 . 2008-07-01 00:23 <DIR> d-------- C:\Program Files\Ahead
2008-06-28 18:33 . 2008-06-28 18:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ahead
2008-06-28 15:54 . 2008-04-23 09:20 6,066,176 --------- C:\WINDOWS\system32\SET364.tmp
2008-06-28 15:54 . 2008-04-23 09:20 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-28 15:54 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-28 15:54 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-28 15:54 . 2008-04-23 09:20 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-28 15:54 . 2008-04-23 09:20 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-28 15:54 . 2008-04-23 09:20 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-28 15:54 . 2008-04-23 09:20 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-28 15:54 . 2008-04-23 09:20 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-28 15:54 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-27 18:17 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-27 18:17 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-27 18:12 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-27 18:08 . 2008-06-25 14:55 387,601 --a------ C:\WINDOWS\system32\TE_xp.exe
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Office Genuine Advantage
2008-06-27 18:05 . 2008-06-27 18:07 <DIR> d-------- C:\Program Files\HyCam2
2008-06-27 17:44 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-06-27 17:44 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-06-27 17:44 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-06-27 17:38 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\mmamr.ax
2008-06-27 17:38 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-06-27 17:38 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\CoreAAC.ax
2008-06-27 17:37 . 2008-06-27 17:37 468 --a------ C:\WINDOWS\system32\splitter.ax
2008-06-27 17:37 . 2008-06-27 17:37 468 --a------ C:\WINDOWS\system32\FLVSplitter.ax
2008-06-27 17:37 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\ffdshow.ax.manifest
2008-06-27 17:37 . 2008-06-27 17:38 468 --a------ C:\WINDOWS\system32\CoreVorbis.ax
2008-06-27 17:37 . 2008-06-27 17:37 468 --a------ C:\WINDOWS\system32\CoreAVCDecoder.ax
2008-06-27 13:46 . 2008-06-27 13:49 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Auslogics
2008-06-27 13:24 . 2008-06-27 13:25 <DIR> d-------- C:\WINDOWS\nview
2008-06-27 13:24 . 2005-02-24 17:32 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-27 13:24 . 2005-02-24 17:32 14,435 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-27 10:09 . 2008-07-16 09:05 <DIR> d-------- C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Sony Setup
2008-06-27 10:03 . 2008-06-27 10:03 <DIR> d-------- C:\Program Files\AviSynth 2.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 11:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-03 10:43 350,464 ----a-w C:\WINDOWS\inf\isprnt.exe
2008-06-30 20:51 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-06-30 10:29 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-26 17:29 --------- d-----w C:\Program Files\mIRC
2008-06-26 16:39 --------- d-----w C:\Program Files\NT Registry Optimizer
2008-06-26 10:37 --------- d-----w C:\Documents and Settings\larrie\Dane aplikacji\mIRC
2008-06-25 13:10 --------- d-----w C:\Program Files\auslogic
2008-06-24 12:17 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-24 11:55 --------- d-----w C:\Program Files\MarBit
2008-06-24 11:55 --------- d-----w C:\Documents and Settings\larrie\Dane aplikacji\Gadu-Gadu
2008-06-24 11:55 --------- d-----w C:\Documents and Settings\larrie\Dane aplikacji\ESET
2008-06-24 11:54 --------- d-----w C:\Program Files\ESET
2008-06-24 11:52 --------- d-----w C:\Program Files\Uniblue
2008-06-24 11:52 --------- d-----w C:\Program Files\MyPortal
2008-06-24 11:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-24 11:44 --------- d-----w C:\Program Files\Usługi online
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-09 10:56 90,112 -c--a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 430,080 -c--a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 180,224 -c--a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 172,032 -c--a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 -c--a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 -c--a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,291,776 -c--a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 10:12 1885464]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-07-21 16:19 6144]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:51 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"ULiRaid"="C:\Program Files\ULiRaid\ULiRaid.exe" [2006-05-12 13:57 630784]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 20:25 2707456]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 17:32 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-06-25 10:32 867544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 17:32 5537792]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [2006-05-11 16:05:33 2195583]
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2008-06-24 14:00:01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-10-25 11:35]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2006-05-11 16:05]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2006-05-11 16:06]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2005-07-04 14:21]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
S3 NTProcDrv;Process creation detector for NT.;E:\isrobot\NtProcDrv.sys []
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 10:27:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 16:07:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-22 16:07:53
ComboFix-quarantined-files.txt 2008-07-22 14:07:50
ComboFix2.txt 2008-07-22 12:39:38
ComboFix3.txt 2008-07-22 11:33:30
ComboFix4.txt 2008-07-22 10:10:09

Pre-Run: 7,307,325,440 bajtów wolnych
Post-Run: 7,298,744,320 bajtów wolnych

289 --- E O F --- 2008-07-08 18:46:49


And with this program, I first had it remove the infected files, and now I am posting the normal report.

SmitFraudFix v2.331

Scan done at 16:12:32,90, 2008-07-22
Run from C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ULiRaid\ULiRaid.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\larrie.FRITZZ-372D3EA5


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LARRIE~1.FRI\Ulubione


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!Attention, following keys are not inevitably infected!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!Attention, following keys are not inevitably infected!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!Attention, following keys are not inevitably infected!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 802.11b WLAN PCI - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 174.138.200.1
DNS Server Search Order: 194.204.152.34

HKLM\SYSTEM\CCS\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer=174.138.200.1,194.204.152.34
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer=174.138.200.1,194.204.152.34
HKLM\SYSTEM\CS2\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer=174.138.200.1,194.204.152.34
HKLM\SYSTEM\CS3\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer=174.138.200.1,194.204.152.34


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59, on 2008-07-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ULiRaid\ULiRaid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Pulpit\etmin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 195.27.0.108 osro.p512.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6061 bytes

#6 karolkuich

    Beginner

  • 141 posts

Posted 22 07 2008 - 18:17

Paste into Notepad:
C:\WINDOWS\xxxx.bat

File >> Save as >> All files >> FIX.BAT and run it with a double-click.

It seems to be relatively clean.

One more question now. Did you edit the Hosts file yourself? If not, remove the entries below using HijackThis:

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 195.27.0.108 osro.p512.de


Also scan the computer: http://cybertrash.pl/Tata/TESTY/Dr.Web%20C...%20CureIt_.html
http://cybertrash.pl/Tata/MBAM/Malwarebyte...ti-Malware.html
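
As an added illustration (not part of the original thread and not HijackThis code), the sketch below pulls the O1 Hosts and O17 NameServer lines out of a HijackThis log and sorts them by what they do, so the entries worth asking the user about stand out. The function names and category labels are assumptions made for this example.

```python
import ipaddress
import re

# Lines copied from the HijackThis log posted earlier in this thread
# (O1, O4 and O17 sections); the O4 line shows that other sections are ignored.
SAMPLE_LOG = r"""
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 195.27.0.108 osro.p512.de
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{40F6F058-8829-43CB-A0EA-A806B3510392}: NameServer = 174.138.200.1,194.204.152.34
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?):\s*NameServer\s*=\s*(?P<servers>.+)$")


def classify_hosts_address(address):
    """Say what a Hosts-file mapping does to the name it is attached to."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # The name resolves to the local machine, so the real site is unreachable.
        return "blocked"
    # The name is pinned to a fixed remote address, bypassing DNS entirely.
    return "redirect"


def classify_dns_server(address):
    """Separate router/local resolvers from servers out on the internet."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    return "local" if ip.is_private else "public"


def review_log(text):
    """Return the Hosts mappings and the distinct DNS servers found in a log."""
    hosts, dns = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        match = O1_RE.match(line)
        if match:
            address, name = match.groups()
            hosts.append({"name": name, "address": address,
                          "kind": classify_hosts_address(address)})
            continue
        match = O17_RE.match(line)
        if match:
            # The same servers repeat once per control set (CCS, CS1, ...),
            # so count the keys instead of listing duplicates.
            for server in match.group("servers").split(","):
                server = server.strip()
                if not server:
                    continue
                entry = dns.setdefault(server, {"address": server, "keys": 0,
                                                "kind": classify_dns_server(server)})
                entry["keys"] += 1
    return {"hosts": hosts, "dns": list(dns.values())}


def questions_for_user(report):
    """Entries the helper cannot judge alone: the user has to confirm them."""
    questions = []
    for entry in report["hosts"]:
        questions.append("Hosts: %s -> %s (%s): did you add this yourself?"
                         % (entry["name"], entry["address"], entry["kind"]))
    for entry in report["dns"]:
        if entry["kind"] != "local":
            questions.append("DNS: %s (%s, in %d key(s)): is this your ISP's server?"
                             % (entry["address"], entry["kind"], entry["keys"]))
    return questions


if __name__ == "__main__":
    for question in questions_for_user(review_log(SAMPLE_LOG)):
        print(question)
```

Neither category is a verdict: a "blocked" or "redirect" entry can be something the user added deliberately, which is why the output is phrased as questions.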

#7 timmy

    Advanced user

  • 624 posts

Posted 22 07 2008 - 21:16

OK, I don't know how to thank you, the computer got a real boost ;] all the viruses are gone

those 2 programs detected something

Dr.Web detected about 5 files

and Anti-Malware found 12 trojans and spyware ;] the trojans included, among others, (Downloaders)

many thanks

#8 karolkuich

    Beginner

  • 141 posts

Posted 22 07 2008 - 21:31

Delete the quarantine folder C:\Qoobox from the disk.
Uninstall ComboFix: Start >> Run and type:
ComboFix /u
and press Enter.

Turn off System Restore for a moment, then start it again.

Also protect yourself for the future:

Close the worm-prone ports with WWDC or SeconfigXP (using both is fine too ;] ): http://www.bezpieczenstwosystemow.pl/index.php?topic=266.0
Clean up the computer: http://cybertrash.pl/images/tata/CCleaner/CCleaner.html

You can uninstall Dr.Web, because this program does not update itself; it has to be downloaded anew.
Keep Malwarebytes' and scan from time to time. The program is updated daily, but you have to start the update manually.

Regards.

#9 timmy

    Advanced user

  • 624 posts

Posted 22 07 2008 - 22:17

I mean, I have Registry Booster (it cleans the registry too, and Odkurzacz) ;]

and WWDC was showing all ports as open, so I closed them; now it shows Congratulations ;P and that the computer is secured


I have ESET Smart Security + SP3 + updates + Kaspersky Anti-Hacker, but apparently that wasn't enough for the virus I had ;]

#10 karolkuich

    Beginner

  • 141 posts

Posted 22 07 2008 - 22:53

> I mean, I have Registry Booster

OK. So CCleaner is out then. :iluvff:

> and WWDC was showing all ports as open

WWDC is a very important safeguard.

> but apparently that wasn't enough for the virus

Unfortunately, most antivirus programs cannot cope with infections like these at all ;] and, unfortunately, it often depends on us whether we move around the net safely or not. ;]

#11 timmy

    Advanced user

  • 624 posts

Posted 22 07 2008 - 23:45

OK, many thanks, this can be closed ;]
